How do you secure your company network when your employees work remotely and the rest of your team is transitioning to remote work? The days of cramped desks across a crowded office building are over for many businesses.
An estimated 31% of the global workforce will be remote in 2022 and, in the US, that number climbs to 53%. To make things more complicated, teams are working from all over the globe and all logging in virtually.
Because most employees are working remotely, they tend to connect through a home network which can leave the company open to security breaches. How do you improve your remote team security? Read more to find out.
Use The Strongest Wi-Fi Encryption
When selecting your wireless encryption, select WPA2 with AES. Some wireless systems come with both “WPA2 Enterprise” and “WPA2 Personal.” In that case, pick “WPA2 Personal.” The WPA2 Enterprise usually requires additional authentication servers that your company may not have.
If the choice is between AES and TKIP, choose AES. In fact, the only encryption you should go for is WpA2 with AES. Others such as WPA, WEP and WPA-mixed aren’t as secure.
If your wireless network doesn’t support WPA2 with AES, consider updating your wireless equipment’s firmware. If WPA2 is still unavailable after a firmware upgrade, upgrade the wireless hardware. If you don’t want to upgrade the hardware, write the network off as an unsafe outside network. It’s still fine as a guest network as long as your employees connect through a VPN.
Change Your Guest Network Password
After making sure the network is using secure encryption, the next step is to choose a solid password (pre-shared key) for your wireless systems. WPA2 allows you up to 64 characters for pre-shared keys. If you want a truly strong password, then you will need to take advantage of that length and get creative. When it comes to passwords, longer is better. Passwords that are 12 characters or longer are almost impossible to crack (and hard to remember so make sure you use a password manager).
Another thing you can do to increase security is to use long passphrases. A passphrase is a sentence-like string of words used for authentication. An example of a passphrase is “whiskey tango foxtrot.”
Hide Your SSID
A good hacker can easily see your wireless even if you hide the network. However, hiding the network is enough to deter anyone passing by. To hide your network, go to settings and look for “Hide SSID” or “Broadcast SSID”. SSID is just a fancy way of saying network name. So, when you hide your SSID, your Wi-Fi network won’t show up on the list of “available networks.”
Once you locate your SSID settings, set Broadcast to “Off” or set Hide to “On”. Now your network is hidden from everyone but those who know the name. So, if a new party or team member wants to collaborate, they will need to know the name (SSID) of the guest network before they can connect to it.
Keep Your IoT Devices on A Separate Network
In a weekly tech advice column, the FBI Portland office recommended keeping your IoT and work devices on separate networks. So why would the FBI suggest keeping your laptop and refrigerator on separate networks? It minimizes the chance of a breach. If your laptop and IoT device were on the same network, a hacker could potentially gain access to valuable data on your computer by compromising your smart device.
However, when they’re separate, attackers can’t use your smart device as a direct route to your primary device. Non-technical users may find it hard to separate their IoT devices on a guest network. They can always use two routers. If you’re more tech-savvy, use ‘micro-segmentation’. Micro-segmentation is essentially a feature on Wi-Fi routers that allows you to create a guest or virtual network (VLAN). Although the VLAN runs on the same router, it will act as a different network.
Use Two-Factor Authentication
Authenticating a user’s identity is an important part of gaining access control. A username and a password are usually required to get access. You can improve the security of remote work by providing two login requirements instead of only one using two-factor authentication. It essentially adds another level of login security.
To grant access, two-factor or two-way authentication will ask the party for two distinct types of information. It employs login and password credentials as well as a pin code or secret phrase sent to the user’s email or phone. The chances of bad actors getting access to both bits of information are low and that is why this strategy works so well.
Every business should adopt a two-factor authentication model for their log-ins.
Conclusion
In a globally decentralized business landscape, malicious actors will continually present a risk to business network security. It is with this danger in mind that businesses must take preventative measures in securing remote work for their employees or suffer the consequences.
Need help setting up a guest network for your remote team? Then you need Sound Computers. Contact Us at (860) 577-8060.